various amendments

README.md

@@ -38,6 +38,19 @@ The Hatchlor integrates the following features:
 * [EditorConfig]: maintain consistent coding styles for multiple developers,
 * [src-layout]: the actual Python package is kept under a `src` folder avoiding many common errors.
 
+Please note additional integrations and following amendments:
+
+* [semantic-release]: local prepare of a commit: create changelog and commit with a version tag
+* [bump-my-version] and [generate-changelog]: alternative to [semantic-release]
+* [gitlint]: include linting of commit messages
+* [GitHub Actions]: reworked workflows - dump context, add test publishing on TestPy, switch to new PyPi mechanism
+
+The amendments support a local development and commit process while "outsourcing" testing for different OS
+and with  different Python versions to GitHub.
+The local committing includes preparation of a changelog. It is based on semantic-versioning.
+Commit-messages are linted to enforce commit messages according to conventional commits format as
+basis for a proper and automatically generated changelog.
+
 The template includes a `skeleton.py` with a simple function `fib` that calculates the Fibonacci numbers
 as demonstration. This is tested with `tests/test_skeleton.py` to demonstrate the corresponding features
 from above. As an additional tidbit, `skeleton.py` also features [Typer] to show how `fib` can be

cookiecutter.json

@@ -11,6 +11,7 @@
   "project_repo": "https://github.com/{{ cookiecutter.github_username }}/{{ cookiecutter.project_slug }}",
   "pypi_username": "{{ cookiecutter.github_username }}",
   "lock_file_support": false,
+  "gitlint_commitmsg_linter": true,
   "__prompts__": {
     "full_name": "Provide your [bold yellow]full name[/]",
     "email": "Provide your [bold yellow]email[/]",
@@ -23,6 +24,7 @@
     "open_source_license": "Provide the [bold yellow]license[/] of this project",
     "pypi_username": "Optionally, provide a [bold yellow]PyPI user name[/]",
     "github_username": "Optionally, provide a [bold yellow]Github user name[/]",
-    "lock_file_support": "Activate support for lock files?"
+    "lock_file_support": "Activate support for lock files?",
+    "gitlint_commitmsg_linter": "Include gitlint commit message linter?"
   }
 }

hooks/post_gen_project.py

@@ -1,4 +1,10 @@
 import subprocess
+import os
+
+
+if not {{cookiecutter.gitlint_commitmsg_linter}}:
+    if os.path.exists(".gitlint"):
+        os.remove(".gitlint")
 
 try:
     subprocess.call(['git', 'init', '--initial-branch', 'main'])

{{cookiecutter.project_slug}}/.changelog-config.yaml

@@ -0,0 +1,123 @@
+# For more configuration information, please see https://callowayproject.github.io/generate-changelog/
+
+# User variables for reference in other parts of the configuration.
+variables:
+  changelog_filename: CHANGELOG.md
+
+# Pipeline to find the most recent tag for incremental changelog generation.
+# Leave empty to always start at first commit.
+starting_tag_pipeline:
+  - action: ReadFile
+    kwargs:
+      filename: '{% raw %}{{ changelog_filename }}{% endraw %}'
+  - action: FirstRegExMatch
+    kwargs:
+      pattern: (?im)^## (?P<rev>\d+\.\d+(?:\.\d+)?)\s+\(\d+-\d{2}-\d{2}\)$
+      named_subgroup: rev
+
+# Used as the version title of the changes since the last valid tag.
+unreleased_label: Unreleased
+
+# Process the commit's first line for use in the changelog.
+summary_pipeline:
+  - action: strip_spaces
+  - action: Strip
+    comment: Get rid of any periods so we don't get double periods
+    kwargs:
+      chars: .
+  - action: SetDefault
+    args:
+      - no commit message
+  - action: capitalize
+  - action: append_dot
+
+# Process the commit's body for use in the changelog.
+body_pipeline:
+  - action: ParseTrailers
+    comment: Parse the trailers into metadata.
+    kwargs:
+      commit_metadata: save_commit_metadata
+
+# Process and store the full or partial changelog.
+output_pipeline:
+  - action: IncrementalFileInsert
+    kwargs:
+      filename: '{% raw %}{{ changelog_filename }}{% endraw %}'
+      last_heading_pattern: (?im)^## \d+\.\d+(?:\.\d+)?\s+\([0-9]+-[0-9]{2}-[0-9]{2}\)$
+
+# Group the commits within a version by these commit attributes.
+group_by:
+  - metadata.category
+
+# Only tags matching this regular expression are used for the changelog.
+# tag_pattern: ^[0-9]+\.[0-9]+(?:\.[0-9]+)?$
+# tag_pattern: ^v[0-9]+\.[0-9]+(?:\.[0-9]+)?$
+# Version tags RegEx from https://regex101.com/r/vkijKf/1/ preceeded by v
+tag_pattern: ^(v0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+
+# Tells ``git-log`` whether to include merge commits in the log.
+include_merges: true
+
+# Ignore commits whose summary line matches any of these regular expression patterns.
+ignore_patterns:
+  - '[@!]minor'
+  - '[@!]cosmetic'
+  - '[@!]refactor'
+  - '[@!]wip'
+  - ^$
+  - ^Merge branch
+  - ^Merge pull
+  - ^[0-9]+\.[0-9]+(?:\.[0-9]+)?(?:\.)?   # release commit for semantic-release
+
+# Set the commit's category metadata to the first classifier that returns ``True``.
+commit_classifiers:
+  - action: SummaryRegexMatch
+    category: New Features
+    kwargs:
+      pattern: (?i)^(?:new|add)[^\n]*$
+  - action: SummaryRegexMatch
+    category: Updates
+    kwargs:
+      pattern: (?i)^(?:update|change|rename|remove|delete|improve|refactor|chg|modif)[^\n]*$
+  - action: SummaryRegexMatch
+    category: Fixes
+    kwargs:
+      pattern: (?i)^(?:fix)[^\n]*$
+  - action:
+    category: Other
+
+# Tokens in git commit trailers that indicate authorship.
+valid_author_tokens:
+  - author
+  - based-on-a-patch-by
+  - based-on-patch-by
+  - co-authored-by
+  - co-committed-by
+  - contributions-by
+  - from
+  - helped-by
+  - improved-by
+  - original-patch-by
+
+# Rules applied to commits to determine the type of release to suggest.
+release_hint_rules:
+  - match_result: dev
+    branch: ^((?!master|main).)*$
+  - match_result: patch
+    grouping: Other
+    branch: master|main
+  - match_result: patch
+    grouping: Fixes
+    branch: master|main
+  - match_result: minor
+    grouping: Updates
+    branch: master|main
+  - match_result: minor
+    grouping: New
+    branch: master|main
+  - match_result: minor
+    grouping: New Features
+    branch: master|main
+  - match_result: major
+    grouping: Breaking Changes
+    branch: master|main

{{cookiecutter.project_slug}}/.github/workflows/build.yml

@@ -1,75 +1,151 @@
-name: Build
+name: Build and Release Package
 
 on: [push, pull_request]
 
 jobs:
-  test:
 
-    runs-on: {% raw %}${{ matrix.os }}{% endraw %}
+  dump-context:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Dump context "GitHub"
+        env:
+          GITHUB_CONTEXT: {% raw %}${{ toJson(github) }}{% endraw %}
+        run: echo "$GITHUB_CONTEXT"
+
+  build-test:
     strategy:
       matrix:
-        os: [ubuntu-latest]
-        python_version: ['{{ cookiecutter.target_python_version }}']
-
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: {% raw %}${{ matrix.os }}{% endraw %}
+    if: startsWith(github.ref, 'refs/tags/')
     steps:
-      - uses: actions/checkout@v4
+      - name: Check out the repository
+        uses: actions/checkout@v4
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: {% raw %}${{ matrix.python_version }}{% endraw %}
+          python-version: '3.x'
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install hatch pre-commit
+          pip install hatch pre-commit coverage
           hatch env create
       - name: Lint and typecheck
         run: |
           hatch run lint:all
-      - name: Run Tests
+      - name: Run Tests with coverage analysis
         run: |
-          hatch run test:pytest
+          hatch test --cover
       - uses: codecov/codecov-action@v4
         with:
           token: {% raw %}${{ secrets.CODECOV_TOKEN }}{% endraw %}
           fail_ci_if_error: true
           verbose: true
 
-  release:
+  build-distribution:
     runs-on: ubuntu-latest
-    environment: release
-    needs: test
-    if: startsWith(github.ref, 'refs/tags/')
-    permissions:
-      contents: write
-      id-token: write
-
+    needs: build-test
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up Python {% raw %}${{ matrix.python_version }}{% endraw %}
+      - name: Check out the repository
+        uses: actions/checkout@v4
+      - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: '{{ cookiecutter.target_python_version }}'
+          python-version: '3.x'
       - name: Install dependencies
         shell: bash
         run: |
           python -m pip install --upgrade pip
           pip install hatch pre-commit
-      - name: Build
+      - name: Build with Hatch
         run: |
           hatch build
+      - name: Upload distributions
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-testpypi:
+    runs-on: ubuntu-latest
+    needs: build-distribution
+    environment:
+      name: pypi-test
+      url: https://testpypi.org/project/p/{% raw %}${{ github.event.repository.name }}{% endraw %}
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
       - name: Publish 📦 to Test PyPI
-        if: startsWith(github.ref, 'refs/heads/main')
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          skip_existing: true
-          user: __token__
-          password: {% raw %}${{ secrets.TEST_PYPI_SECRECT }}{% endraw %}
           packages-dir: dist/
           repository-url: https://test.pypi.org/legacy/
+          verbose: true
+          # skip-existing: true
+          # user: __token__
+          # password: {% raw %}${{ secrets.TEST_PYPI_SECRECT }}{% endraw %}
+
+  publish-pypi:
+    runs-on: ubuntu-latest
+    needs: [ build-distribution, publish-testpypi ]
+    environment:
+      name: pypi
+      url: https://pypi.org/project/p/{% raw %}${{ github.event.repository.name }}{% endraw %}
+    permissions:
+      id-token: write
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
       - name: Publish 📦 to PyPI
-        if: startsWith(github.ref, 'refs/heads/main')
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          user: __token__
-          password: {% raw %}${{ secrets.PYPI_SECRECT }}{% endraw %}
           packages-dir: dist/
+          # repository-url = "https://upload.pypi.org/legacy/"
+          verbose: true
+          # user: __token__
+          # password: {% raw %}${{ secrets.PYPI_SECRECT }}{% endraw %}
+
+  github-release:
+    runs-on: ubuntu-latest
+    needs: publish-pypi
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+      - name: Sign the Python 🐍 distribution 📦 with Sigstore
+        uses: sigstore/[email protected]
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+      - name: Create GitHub Release
+        env:
+          GITHUB_TOKEN: {% raw %}${{ github.token }}{% endraw %}
+        run: >-
+          gh release create
+          '{% raw %}${{ github.ref_name }}{% endraw %}'
+          --repo '{% raw %}${{ github.repository }}{% endraw %}'
+          --notes ""
+      - name: Upload artifact signatures to GitHub Release
+        env:
+          GITHUB_TOKEN: {% raw %}${{ github.token }}{% endraw %}
+        # Upload to GitHub Release using the `gh` CLI.
+        # `dist/` contains the built packages, and the
+        # sigstore-produced signatures and certificates.
+        run: >-
+          gh release upload
+          '{% raw %}${{ github.ref_name }}{% endraw %}' dist/**
+          --repo '{% raw %}${{ github.repository }}{% endraw %}'